May Cyber update from the Office of Rob Kleeger

May 24, 2023 2:01 pm


I hope you are enjoying the great unofficial summer weather in the Nor'East.

It's been exciting hearing about and witnessing the prom season, graduations, and new beginnings reconnecting with Friends, Clients, and Family.

For those whom I haven't heard from in a while, my bad! Please do reach out to catch up.

Thank you to all of our Veterans and their families for the sacrifices made for many generations. Wishing you a happy and enjoyable Memorial Day Weekend!


All the best,

Rob Kleeger


Words of Wisdom:

​“Success in business requires training and discipline and hard work. But if you're not frightened by these things, the opportunities are just as great today as they ever were."

- David Rockefeller



American Bar Association’s Data Breach Exposes User Credentials of 1.4 Million Members

The American Bar Association (ABA) suffered a massive data breach that leaked the user credentials of more than a million members. ABA notified affected individuals that it detected unauthorized third-party access on March 17, 2023. The ABA disclosed that unauthorized access exposed “usernames and hashed and salted passwords” used on the “old ABA website prior to 2018 or the ABA Career Center since 2018.” The investigation determined that the threat actor gained access to a decommissioned server around March 06, 2023, and obtained certain client information.

2022 FBI IC3 Report Shows $2.7 Billion in Losses from Business Email Compromise

Business email compromise (BEC) was clearly an effective strategy for fraudsters in 2022. Last year, businesses lost more than $2.7 billion due to these scams, according to the latest Internet Crime Report from the FBI’s Internet Crime Complaint Center (IC3). That’s $300 million more than in 2021.

IC3 received a total of 800,944 reported complaints, with losses exceeding $10.3 billion. Interestingly, while the total number of complaints decreased by 5%, dollar losses increased significantly by 49%. Phishing schemes were the number one crime type with 300,497 complaints and, for the first time, investment schemes reported the highest financial loss to victims. Victims aged 30-39 were the largest reporting group, while the greatest dollar loss was incurred by citizens aged 60 and older.

NIST Launches Cybersecurity Initiative for Small Businesses

To help small businesses face the growing cyber threat, NIST recently launched its Small Business Cybersecurity Community of Interest (COI).

For small organizations, the current cyber threat landscape is brutal. While big-name breaches steal the headlines, small businesses suffer the most from ransomware attacks. Additionally, other studies reveal that only half of all small businesses are prepared for a cyberattack. In the face of these challenges, NIST is creating a new initiative to help. 



Authentication of ESI on Motion Compelling Arbitration Despite Factual Dispute

In Mason v. Domino’s Pizza, LLC, 2021 WL 4820520, at *5 (D. Md. Oct. 15, 2021)(Boardman, J.), the Court addressed authentication of ESI on a summary judgment motion. Here, defense counsel dotted all of the “I’s,” crossed all of the “T’s,” and prevailed despite the plaintiff’s contradictory sworn evidence.

The Court wrote: Mr. Mason argues Domino’s has not properly authenticated his e-signature on the arbitration agreement. The Court is not persuaded.

Under Federal Rules of Evidence 901, a party may authenticate electronically stored information such as e-signatures by “produc[ing] evidence sufficient to support a finding that the item is what the proponent claims it is,” such as “[t]estimony that an item is what it is claimed to be” or “[e]vidence describing a process or system and showing that it produces an accurate result.” Fed. R. Evid. 901(a), (b)(1), (9); see Lorraine v. Markel Am. Ins. Co., 241 F.R.D. 534, 542 (D. Md. 2007) (noting “[a] party seeking to admit an exhibit need only make a prima facie showing that it is what he or she claims it to be,” which “is not a particularly high barrier to overcome”).

A Wolf in Sheep’s Clothing: Litigant Can’t Convert a Discovery Dispute Into a Sanctions Motion

Litigants cannot use a spoliation motion to bring an untimely discovery dispute to the court.  Rains v. Westminster College, 2023 WL 2894506, at *4 n. 44, passim (D. Ut. Apr. 11, 2023).

Ms. Rains, proceeding pro se, brought this action against her former employer, Westminster College, and Westminster employees Melissa Koerner and Richard Badenhausen, following her termination from a faculty position at Westminster College. Ms. Rains has asserted claims for discrimination and retaliation under Title VII of the Civil Rights Act of 1964 and breach of contract, among other claims. Ms. Rains' arguments for sanctions fail. Ms. Rains has failed to establish spoliation occurred. Instead, Ms. Rains' allegations regarding spoliation constitute little more than undeveloped discovery disputes, which Ms. Rains has not timely raised. Moreover, Ms. Rains has not met her burden of establishing the Westminster Defendants had a duty to preserve evidence for any of the alleged incidents of spoliation-and she has failed to demonstrate the Westminster Defendants engaged in sanctionable conduct. Accordingly, Ms. Rains' motion is denied.

U.K. Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes

A U.K. national responsible for his role as the administrator of the now-defunct iSpoof online phone number spoofing service has been sentenced to 13 years and 4 months in prison. Tejay Fletcher, 35, of Western Gateway, London, was awarded the sentence on May 18, 2023. He pleaded guilty last month to a number of cyber offenses, including facilitating fraud and possessing and transferring criminal property.

iSpoof, which was available as a paid service, allowed fraudsters to mask their phone numbers and masquerade as representatives from banks, tax offices, and other official bodies to defraud victims. The help desk scam purported to warn targets of suspicious activity on their accounts and tricked them into disclosing sensitive financial information or transferring money to accounts under the threat actor's control.



  • Avoid using your personal email everywhere: Nowadays most sites ask you to sign up before entering. Signing up with a bunch of sites floods your mailbox with a lot of spam emails. You can use disposable email accounts for such cases. It will help you get rid of spam emails. As we know, reusing passwords may be harmful in case of a data breach from certain sites. We can avoid the usage of actual email unless it is necessary.
  • Think before you post: Do you know that you can board a flight without posting it on social media? You can restrict what to share with a larger audience on social media because you don’t know everyone there. Some people have a habit of posting everything on social media platforms, but such things can be harmful in one or another way.
  • Awareness is the key: Keep yourself updated about the latest threats and practices cyber criminals are using so you can stay one step ahead of them.



Digital4nx Group provides a blend of legal and technology services where we systematically identify, preserve, extract, analyze, and interpret digital evidence.

Our services are commonly used to:

  • React and respond by providing litigation support services for plaintiffs or defendants, as well as providing expert testimony and consulting, both in and out of court.
  • Proactively identify and provide insights on how to better secure your confidential data, technology, and compliance.


Cyber Security Services

Cyber incidents can be damaging to an organization, both in the short and long term. Digital4nx Group ​helps business leaders protect their “crown jewels” through reasonable, defensible, and cost-effective​ ​services... Before, During, and After a Data Incident! We offer a multi-disciplined approach to cyber services such as: